Lucene search
K

195539 matches found

CNNVD
CNNVD
added 2026/05/30 12:0 a.m.12 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the “country” parameter, which may allow unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.14 views

Yamcs security vulnerabilities

Yamcs is an open-source software framework developed by Yamcs. It is used for commanding and controlling spacecraft, satellites, payloads, ground stations, and ground equipment. Yamcs has a security vulnerability that stems from allowing enumeration of users...

5.8AI score0.00028EPSS
Exploits2References1
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.10 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the actor parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

AiOPMSD Final SQL注入漏洞

AiOPMSD Final is a video stream download tool developed by AiOPMSD Corporation. Version 1.0.0 of AiOPMSD Final contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the id parameter, potentially allowing unauthenticated attackers to execute...

8.8CVSS6.2AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.13 views

WordPress plugin Simple History 授权问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.5CVSS5.8AI score0.00593EPSS
Exploits1References13
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.13 views

Lin-CMS-Spring-boot 访问控制错误漏洞

Lin-CMS-Spring-boot is a simple and easy-to-use CMS backend project developed by the TaleLin team. Versions of Lin-CMS-Spring-boot prior to 0.2.1 contained an access control vulnerability. This vulnerability stemmed from an unknown processing in the book component’s endpoint, specifically in the...

6.5CVSS6.5AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.14 views

Yot CMS SQL注入漏洞

Yot CMS is a content management system developed by Yot Corporation. Version 3.3.1 of Yot CMS has a SQL injection vulnerability. This vulnerability stems from the use of parameters named aid and cid, which can allow unauthorized attackers to execute arbitrary SQL queries by injecting malicious...

8.8CVSS6.1AI score0.0027EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/30 12:0 a.m.11 views

Student-Management-System 代码注入漏洞

Student-Management-System is an open-source student information management system developed by Cyber-III. Version 1.0 of STUDENT-MANAGEMENT-SYSTEM contains a code injection vulnerability. This vulnerability stems from the Name parameter on the dashboard page, which contains cross-site scripting,...

4.8CVSS5.8AI score0.00206EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

shopper 安全漏洞

Shopper is an open-source e-commerce management backend developed by Shopper Labs. Versions of Shopper prior to 2.8.0 contained security vulnerabilities. These vulnerabilities stemmed from the fact that multiple Filament operations listed in administrator order details and order shipping tables...

8.1CVSS5.8AI score0.00258EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The Scout Bobber + Tech 2025 has a security vulnerability caused by improper handling of physical conditions, which may allow physical attackers to bypass the...

4.6CVSS5.8AI score0.0016EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

7.8CVSS6AI score0.00505EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin Rank Math SEO 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00411EPSS
Exploits0References6
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.219 contained security vulnerabilities. These vulnerabilities stemmed from the password reset endpoint, which returned visuall...

5.3CVSS5.8AI score0.0021EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.4.29 contained security vulnerabilities. These vulnerabilities stemmed from a strategy-bypass vulnerability in QQBot administrator commands, which allowed authenticated senders to...

5.4CVSS5.9AI score0.00148EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Dokploy 信任管理问题漏洞

Dokploy is an open-source software developed by Dokploy itself. Versions of Dokploy from 0.27.0 to 0.29.3 had a security vulnerability related to trust management. This vulnerability stemmed from a hardcoded BETTERAUTHSECRET fallback value, which allowed unauthorized attackers to forge email-base...

10CVSS5.9AI score0.00351EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

StrongSwan security vulnerabilities

strongSwan is an open-source VPN solution based on IPsec, developed by Andreas Steffen of Switzerland. This solution includes X.509 public key certificates, secure storage of private keys, and authentication mechanisms such as smart cards. strongSwan has a security vulnerability, which stems from...

6.1AI score
Exploits3References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

XiaoMusic 路径遍历漏洞

XiaoMusic is a music playback tool developed by Hanxi, allowing unlimited song listening through the XiaoAi speaker. Version 0.5.7 of XiaoMusic has a path traversal vulnerability. This vulnerability stems from the GET /music/filepath:path endpoint, where unauthorized path traversal is allowed,...

8.7CVSS5.8AI score0.00513EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

FreeScout 安全漏洞

FreeScout is a lightweight and powerful free open-source help desk and shared inbox built using PHP Laravel framework by FreeScout Inc. Versions of FreeScout prior to 1.8.221 contained security vulnerabilities. These vulnerabilities stemmed from the ThreadPolicy::delete authorization policy not...

4.3CVSS5.8AI score0.00155EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

WordPress plugin Post Snippets 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.7AI score0.00244EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Acer Predator Connect W6x 安全漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a security vulnerability, which stems from improper access control in the MQTT proxy, allowing wildcard topic subscriptions, thereby exposin...

8.3CVSS5.8AI score0.00208EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin WP Maps Pro 访问控制错误漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

9.8CVSS6AI score0.09461EPSS
Exploits7References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Interinfo DreamMaker 安全漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from relative path traversal. This vulnerability could allow privileged local attackers to download arbitrary system files...

6.9CVSS5.9AI score0.00347EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

Danelec Marine Danelec MacGregor Voyage Data Recorder 信任管理问题漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. The Danelec Marine Danelec MacGregor Voyage Data Recorder has a vulnerability related to trust management, which stems from the default account that include...

8.7CVSS5.8AI score0.00226EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

WordPress plugin Simple Divi Shortcode 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

6.4CVSS5.8AI score0.00197EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

NI SystemLink Enterprise 安全漏洞

NI SystemLink Enterprise is an enterprise-level engineering platform developed by National Instruments NI in the United States. It provides a scalable system and test data management and analysis solution. Versions of NI SystemLink Enterprise prior to 2026-04 contained security vulnerabilities...

9.3CVSS5.9AI score0.00623EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.15 views

StrongDM 安全漏洞

StrongDM is an infrastructure access management platform developed by the US company StrongDM. Versions of StrongDM prior to 23.74.0 contained security vulnerabilities. These vulnerabilities stemmed from the storage of authentication status in plaintext, including JSON Web Tokens and key material...

2CVSS5.8AI score0.00132EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform and resource platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

TRENDnet TEW-432BRP 安全漏洞

TRENDnet TEW-432BRP is a dual-band wireless router produced by TRENDnet Corporation. Version 3.10B20 of TRENDnet TEW-432BRP has a security vulnerability. This vulnerability stems from a buffer overflow in the parameters ip/mask/gateway stored in the file/goform/formSetRoute, which could allow a...

9CVSS7.7AI score0.00835EPSS
Exploits1References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 contains an operating system command injection vulnerability. This vulnerability...

8.5CVSS6.1AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Canon My Image Garden 安全漏洞

Canon My Image Garden is a photo management and printing software developed by the Japanese company Canon. Versions of Canon My Image Garden 3.6.8 and earlier contained security vulnerabilities. These vulnerabilities were due to improper handling of symbolic links in the installation process, whi...

5.1CVSS5.8AI score0.00123EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Remote Spark SparkView 安全漏洞

Remote Spark SparkView is a browser-based client software developed by Remote Spark, enabling remote desktop and terminal access. Versions of Remote Spark SparkView prior to build 1127 contained security vulnerabilities. These vulnerabilities stemmed from path traversal in RDP driver redirection,...

10CVSS6.3AI score0.00378EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.8 views

Interinfo DreamMaker 安全漏洞

Interinfo DreamMaker is an application developed by Interinfo Corporation in China. Interinfo DreamMaker has a security vulnerability, which stems from absolute path traversal. This vulnerability could allow unauthenticated remote attackers to read file names from any path...

6.9CVSS5.8AI score0.00387EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

WikidForum 跨站脚本漏洞

WikidForum is an open-source web-based forum management system developed by WikidForum. Version 2.20 of WikidForum has a cross-site scripting vulnerability. This vulnerability stems from the use of the replytext parameter to submit specially crafted HTML. As a result, authenticated attackers may...

5.4CVSS5.7AI score0.00215EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Danelec Marine Danelec MacGregor Voyage Data Recorder 安全漏洞

The Danelec Marine Danelec MacGregor Voyage Data Recorder is a series of ship navigation data recording systems developed by Danelec Marine. There is a security vulnerability associated with the Danelec Marine Danelec MacGregor Voyage Data Recorder. This vulnerability stems from the possibility f...

6.9CVSS5.8AI score0.00376EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Acer Wave 7 router 安全漏洞

The Acer Wave 7 router is a three-band wireless router from Acer, a company based in Taiwan, China. The Acer Wave 7 router has a security vulnerability. This vulnerability arises from the acercgi.log file, which can be accessed via a web interface without authentication, containing plaintext logi...

10CVSS5.8AI score0.00518EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Sitejo HaPe PKH SQL注入漏洞

Sitejo HaPe PKH is a community poverty alleviation project management system developed by Sitejo Corporation. Version 1.1 of Sitejo HaPe PKH contains an SQL injection vulnerability. This vulnerability arises from injecting SQL code through the desa POST parameter, allowing unauthenticated attacke...

8.8CVSS5.9AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the getupsfield function within the tomatodata.cgi file, which could allow a remote...

9CVSS7.6AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

OpenClaw 安全漏洞

OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.5.4 contained security vulnerabilities. These vulnerabilities stemmed from authorization bypass vulnerabilities in the bundled device-pair plugin, allowing unauthorized chatters t...

8.7CVSS5.8AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WWBN AVideo 授权问题漏洞

WWBN AVideo is a video platform building system developed by the WWBN team using PHP. Versions of WWBN AVideo prior to 29.0 contained an authorization vulnerability. This vulnerability stemmed from the absence of user login checks and administrator gatekeeping in the objects/mention.json.php file...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. The Waterfall WF-500 has a vulnerability related to operating system command injection. This vulnerability stems from command injecti...

9.8CVSS6.1AI score0.0138EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

WordPress plugin WooCommerce Infinite Scroll and Ajax Pagination 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There is...

8.8CVSS6AI score0.00378EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Open ISES Project SQL注入漏洞

The Open ISES Project is an open-source information technology platform for emergency service organizations developed by Open ISES. Version 3.30A of the Open ISES Project contains a SQL injection vulnerability. This vulnerability arises from injecting malicious code through the ticklat and tickln...

8.8CVSS6.1AI score0.00334EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.13 views

Shibby Tomato 安全漏洞

Shibby Tomato is a third-party router firmware developed by Shibby’s individual developers. Version 1.28 of Shibby Tomato contains a security vulnerability. This vulnerability stems from a stack buffer overflow in the sub90F0 function of the multimon.cgi file, which could lead to remote attacks...

9CVSS7.5AI score0.00438EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.12 views

OpenSC 安全漏洞

OpenSC is an open-source smart card tool and middleware developed by OpenSC. Versions of OpenSC prior to 0.27.0 contained security vulnerabilities. These vulnerabilities stemmed from a stack and heap buffer overflow vulnerability in the dokeyvalue function located in src/pkcs15init/profile.c. Thi...

3.8CVSS6AI score0.00146EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.16 views

Waterfall WF-500 操作系统命令注入漏洞

The Waterfall WF-500 is a sending-side host component in the industrial control network unidirectional security gateway developed by the Israeli company Waterfall. Version 7.9.1.0 R2502171040 of the Waterfall WF-500 RX Host contains an operating system command injection vulnerability. This...

8.6CVSS6.1AI score0.00882EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.9 views

CP Plus CP Series 跨站脚本漏洞

The CP Plus CP Series is a series of video surveillance and security device products developed by CP Plus Company. The CP Plus CP Series contains a cross-site scripting vulnerability. This vulnerability stems from insufficient input cleaning in certain functional modules, allowing attackers to...

8.4CVSS5.7AI score0.00373EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Acer Predator Connect W6x 命令注入漏洞

The Acer Predator Connect W6x is a series of high-performance Wi-Fi 6/6E gaming routers produced by Acer of Taiwan, China. The Acer Predator Connect W6x has a command injection vulnerability. This vulnerability arises from the program’s failure to effectively filter or sanitize malicious inputs i...

10CVSS6.2AI score0.01338EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.11 views

Indian Motorcycle Scout Bobber + Tech 安全漏洞

The Indian Motorcycle Scout Bobber + Tech is a mid-level cruiser motorcycle produced by the Japanese company Indian Motorcycle. The 2025 version of the Indian Motorcycle Scout Bobber + Tech has security vulnerabilities. These vulnerabilities arise from attackers exploiting a flaw in the wireless...

4.6CVSS5.8AI score0.00181EPSS
Exploits0References1
Total number of security vulnerabilities195539